d9/dc6/SafeParam_8php_source.html

 <?php

 class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
 {
     public $name = "SafeParam";

     private $uri;

     public function __construct()
     {
         $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
         $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
     }

     public function transform($attr, $config, $context)
     {
         // If we add support for other objects, we'll need to alter the
         // transforms.
         switch ($attr['name']) {
             // application/x-shockwave-flash
             // Keep this synchronized with Injector/SafeObject.php
             case 'allowScriptAccess':
                 $attr['value'] = 'never';
                 break;
             case 'allowNetworking':
                 $attr['value'] = 'internal';
                 break;
             case 'allowFullScreen':
                 if ($config->get('HTML.FlashAllowFullScreen')) {
                     $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
                 } else {
                     $attr['value'] = 'false';
                 }
                 break;
             case 'wmode':
                 $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
                 break;
             case 'movie':
             case 'src':
                 $attr['name'] = "movie";
                 $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
                 break;
             case 'flashvars':
                 // we're going to allow arbitrary inputs to the SWF, on
                 // the reasoning that it could only hack the SWF, not us.
                 break;
             // add other cases to support other param name/value pairs
             default:
                 $attr['name'] = $attr['value'] = null;
         }
         return $attr;
     }
 }

 // vim: et sw=4 sts=4
HTMLPurifier_AttrTransform_SafeParam\$name
$name
string
Definition: SafeParam.php:20

HTMLPurifier_AttrTransform
Processes an entire attribute array for corrections needing multiple values.
Definition: AttrTransform.php:17

$context
$context
Definition: webdav.php:25

$config
$config
Definition: bootstrap.php:15

HTMLPurifier_AttrTransform_SafeParam\$uri
$uri
HTMLPurifier_AttrDef_URI
Definition: SafeParam.php:25

HTMLPurifier_AttrTransform_SafeParam
Validates name/value pairs in param tags to be used in safe objects.
Definition: SafeParam.php:15

HTMLPurifier_AttrTransform_SafeParam\transform
transform($attr, $config, $context)
Definition: SafeParam.php:39

HTMLPurifier_AttrTransform_SafeParam\__construct
__construct()
Definition: SafeParam.php:27

HTMLPurifier_AttrDef_Enum
Validates a keyword against a list of valid values.
Definition: Enum.php:10

php

HTMLPurifier_AttrDef_URI
Validates a URI as defined by RFC 3986.
Definition: URI.php:7